TechCrunch appears to have played no role whatsoever in the alleged hacking. According to TechCrunch, it was simply sent 310 documents, unsolicited. It then decided to print "financial projections, product plans and notes from executive strategy meetings," as well as "the original pitch document for the Twitter TV show that hit the news in May." Why? "[M]ostly because it’s awesome." TechCrunch voluntarily refrained from publishing other information contained in the documents, including "floorplans and security passcodes to get into the Twitter offices." According to the NY Times, TechCrunch's founder Michael Arrington (a fellow OMM alum) "is working closely with Twitter as it determines which pieces of information to publish," though "[h]e is protecting the identity of his source."
Here's what I don't get: why the ethical hand-wringing here? Why was TechCrunch's decision to publish some of the hacked documents any different from what mainstream publications like the Times and Wall Street Journal do countless times every day: print information and documents leaked from employees to reporters, without company permission? Every company I've ever heard of prefers to keep its business information confidential. Often, they have formal confidentiality policies, or even require employees (and contractors) to enter into strict nondisclosure agreements. Of course business reporters know this. And yet, without giving it a second thought, they ask employees to violate their duties to their employers, and leak confidential documents and spill the beans on company secrets. And their editors don't wring their hands; they praise their reporters for their scoops.
In some ways, what typical reporters do in soliciting confidential documents is ethically worse than what TechCrunch did. Reporters typically ask sources to give them confidential documents knowing full well that the employee is breaking company policy, and possibly civil or even criminal laws (e.g., conversion or theft of trade secrets). But TechCrunch did no such thing; by its account, the hacked documents just showed up unsolicited in its inbox. And assuming that's accurate, I think TechCrunch faces no significant legal risk from publishing the material. See Bartnicki v. Vopper, 532 U.S. 514 (2001) (radio host not liable under wiretapping statutes for broadcasting illegally intercepted conversations, where he played no role in illegal interception).
The hand-wringers can't have it both ways. Either TechCrunch's decision to print was perfectly legitimate journalism -- or what business reporters do every single day is even more unethical. Am I missing some distinction?
UPDATE: Interesting legal analysis from Sam Bayard of the Citizen Media Law Project. In a nutshell:
TechCrunch is probably in the clear for publishing anything that would qualify as a "matter of public concern" under Bartnicki and friends....To be sure, the category of "public concern" does not include everything the public might be interested in. Still, the courts are rightly hesitant to decide for themselves what is newsworthy and what is not, so they tend to err on the side of liberality. In the current scenario, it is fair to say that a good deal of information about Twitter as a company is fair game given its immense popularity and newfound cultural significance. TechCrunch has done a good job sticking to this category so far, although maybe information about a TV show Arrington himself deems "a big loser" might be a borderline case.
***I'm not sure how the First Amendment would impact a possible prosecution for receipt of stolen property because it is receipt of stolen material, not publication, which is criminalized. But it seems unlikely that First Amendment concerns wouldn't also limit criminal liability in this context.